Use the anonymous python function to be sure the value set for 'SELINUX' in the config file is something useful. In the event that DEFAULT_ENFORCING isn't set to one of the 3 permissible values we set it to 'permissive'.
Signed-off-by: Philip Tricca <fl...@twobit.us> --- recipes-security/refpolicy/refpolicy_common.inc | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index 305675f..10e972d 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc @@ -66,6 +66,16 @@ EXTRA_OEMAKE += "tc_usrbindir=${STAGING_BINDIR_NATIVE}" EXTRA_OEMAKE += "OUTPUT_POLICY=`${STAGING_BINDIR_NATIVE}/checkpolicy -V | cut -d' ' -f1`" EXTRA_OEMAKE += "CC='${BUILD_CC}' CFLAGS='${BUILD_CFLAGS}' PYTHON='${PYTHON}'" +python __anonymous () { + import re + + # make sure DEFAULT_ENFORCING is something sane + if not re.match('^(enforcing|permissive|disabled)$', + d.getVar('DEFAULT_ENFORCING', True), + flags=0): + d.setVar('DEFAULT_ENFORCING', 'permissive') +} + do_compile() { oe_runmake conf oe_runmake policy -- 2.1.4 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto